Fixed bug for emergency collection in upvalue creation

When creating an upvalue, an emergency collection can collect the previous upvalue where the new one would be linked. The following code can trigger the bug, using valgrind on Lua compiled with the -DHARDMEMTESTS option: local x; local y (function () return y end)(); (function () return x end)()
2019-07-19 12:13:00 -03:00
parent dc07719b0d
commit 440a5ee78c
3 changed files with 10 additions and 8 deletions
--- a/lfunc.c
+++ b/lfunc.c
@@ -82,20 +82,22 @@ static UpVal *newupval (lua_State *L, int tbc, StkId level, UpVal **prev) {


 /*
-** Find and reuse, or create if it does not exist, a regular upvalue
-** at the given level.
+** Find and reuse, or create if it does not exist, an upvalue
+** at the given level and set it to the given slot.
 */
-UpVal *luaF_findupval (lua_State *L, StkId level) {
+void luaF_setupval (lua_State *L, StkId level, UpVal **slot) {
  UpVal **pp = &L->openupval;
  UpVal *p;
  lua_assert(isintwups(L) || L->openupval == NULL);
  while ((p = *pp) != NULL && uplevel(p) >= level) {  /* search for it */
+    *slot = p;
    if (uplevel(p) == level && !isdead(G(L), p))  /* corresponding upvalue? */
-      return p;  /* return it */
+      return;  /* found it */
    pp = &p->u.open.next;
  }
-  /* not found: create a new upvalue after 'pp' */
-  return newupval(L, 0, level, pp);
+  /* not found: create a new upvalue after 'pp' (which is
+    anchored in 'slot', in case of an emergency collection) */
+  *slot = newupval(L, 0, level, pp);
 }